CVE-2026-43376

EPSS 0.06%
Veröffentlicht 08.05.2026 14:21:25
Zuletzt bearbeitet 15.05.2026 15:15:48
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

ksmbd: fix use-after-free by using call_rcu() for oplock_info

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free by using call_rcu() for oplock_info

ksmbd currently frees oplock_info immediately using kfree(), even
though it is accessed under RCU read-side critical sections in places
like opinfo_get() and proc_show_files().

Since there is no RCU grace period delay between nullifying the pointer
and freeing the memory, a reader can still access oplock_info
structure after it has been freed. This can leads to a use-after-free
especially in opinfo_get() where atomic_inc_not_zero() is called on
already freed memory.

Fix this by switching to deferred freeing using call_rcu().

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

NVD 14 VulnDex Vulnerability Enrichment 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.6.88 < 6.6.130

Linux ≫ Linux Kernel Version >= 6.12.25 < 6.12.78

Linux ≫ Linux Kernel Version >= 6.14.4 < 6.15

Linux ≫ Linux Kernel Version >= 6.15.1 < 6.18.19

Linux ≫ Linux Kernel Version >= 6.19 < 6.19.9

Linux ≫ Linux Kernel Version6.15 Update-

Linux ≫ Linux Kernel Version6.15 Updaterc3

Linux ≫ Linux Kernel Version6.15 Updaterc4

Linux ≫ Linux Kernel Version6.15 Updaterc5

Linux ≫ Linux Kernel Version6.15 Updaterc6

Linux ≫ Linux Kernel Version6.15 Updaterc7

Linux ≫ Linux Kernel Version7.0 Updaterc1

Linux ≫ Linux Kernel Version7.0 Updaterc2

Linux ≫ Linux Kernel Version7.0 Updaterc3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.189

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/302fef75512b2c8329a3f5efab1ae7ba2562387a

Patch

https://git.kernel.org/stable/c/08aa9f3c8cf4d0bee44df540dfe34e8d64069f2c

Patch

https://git.kernel.org/stable/c/1d6abf145615dbfe267ce3b0a271f95e3780e18e

Patch

https://git.kernel.org/stable/c/ce8507ee82c888126d8e7565e27c016308d24cde

Patch

https://git.kernel.org/stable/c/1dfd062caa165ec9d7ee0823087930f3ab8a6294

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-43376

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-43376

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-43376

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-43376